Backport 1.6.1: sanitize private key (#10474)

hashicorp · Dec 2, 2020 · 804debb · 804debb
1 parent 4165786
commit 804debb
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/builtin/logical/database/backend_test.go b/builtin/logical/database/backend_test.go
@@ -649,6 +649,7 @@ func TestBackend_connectionCrud(t *testing.T) {
 		"allowed_roles":  []string{"plugin-role-test"},
 		"username":       "postgres",
 		"password":       "secret",
+		"private_key":    "PRIVATE_KEY",
 	}
 	req = &logical.Request{
 		Operation: logical.UpdateOperation,
@@ -669,9 +670,17 @@ func TestBackend_connectionCrud(t *testing.T) {
 	if err != nil || (resp != nil && resp.IsError()) {
 		t.Fatalf("err:%s resp:%#v\n", err, resp)
 	}
-	if strings.Contains(resp.Data["connection_details"].(map[string]interface{})["connection_url"].(string), "secret") {
+	returnedConnectionDetails := resp.Data["connection_details"].(map[string]interface{})
+	if strings.Contains(returnedConnectionDetails["connection_url"].(string), "secret") {
 		t.Fatal("password should not be found in the connection url")
 	}
+	// Covered by the filled out `expected` value below, but be explicit about this requirement.
+	if _, exists := returnedConnectionDetails["password"]; exists {
+		t.Fatal("password should NOT be found in the returned config")
+	}
+	if _, exists := returnedConnectionDetails["private_key"]; exists {
+		t.Fatal("private_key should NOT be found in the returned config")
+	}
 
 	// Replace connection url with templated version
 	req.Operation = logical.UpdateOperation

diff --git a/builtin/logical/database/path_config_connection.go b/builtin/logical/database/path_config_connection.go
@@ -207,6 +207,7 @@ func (b *databaseBackend) connectionReadHandler() framework.OperationFunc {
 		}
 
 		delete(config.ConnectionDetails, "password")
+		delete(config.ConnectionDetails, "private_key")
 
 		return &logical.Response{
 			Data: structs.New(config).Map(),

diff --git a/changelog/10416.txt b/changelog/10416.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/database: Sanitize `private_key` field when reading database plugin config
+```
diff --git a/changelog/README.md b/changelog/README.md
@@ -0,0 +1,3 @@
+# changelog
+
+This folder holds changelog updates from commit 3bc7d15 onwards. See [hashicorp/go-changelog](https://github.com/hashicorp/go-changelog) for full documentation on the supported entries.